Security News
The Russia-linked cyberspy group known as Zebrocy has adopted COVID-19 vaccine-related lures in a recently observed phishing campaign, threat detection and response company Intezer reported on Wednesday. Initially detailed in 2018, Zebrocy is believed to be associated with the infamous Russian state-sponsored hacking group Sofacy.
A Russian citizen living in Denmark has been charged with espionage for allegedly having provided information about Danish energy technology, among other things, to an unnamed Russian intelligence service, the Danish prosecution authority said Wednesday. If found guilty, the Russian citizen faces up to six years in jail.
Russian-speaking hackers behind Zebrocy malware have changed their technique for delivering malware to high-profile victims and started to pack the threats in Virtual Hard Drives to avoid detection. Inside the image were a PDF file and an executable posing as a Microsoft Word document, which was the Zebrocy malware.
A Russian threat actor known for its malware campaigns has reappeared in the threat landscape with yet another attack leveraging COVID-19 as phishing lures, once again indicating how adversaries are adept at repurposing current world events to their advantage. Linking the operation to a sub-group of APT28, cybersecurity firm Intezer said the pandemic-themed phishing emails were employed to deliver the Go version of Zebrocy malware.
Norway's domestic spy agency on Tuesday blamed a Russian hacker group linked to Moscow's military intelligence for a cyberattack on the Norwegian parliament earlier this year. Norwegian Foreign Minister Ine Eriksen Soreide later accused Russia of being behind the attack, and PST investigators have now strengthened her claims.
Russian-backed hacking group APT28 likely brute-forced multiple Norwegian Parliament email accounts on August 24, 2020, according to the Norwegian Police Security Service. One month later, Norway's Minister of Foreign Affairs Ine Eriksen Søreide shared additional info on the August Parliament attack, saying that Russian hackers were responsible for the breach.
The US National Security Agency on Monday issued an advisory warning that Russian threat actors are leveraging a recently disclosed VMware vulnerability to install malware on corporate systems and access protected data. Specifics regarding the identities of the threat actor exploiting the VMware flaw or when these attacks started were not disclosed.
Russian state-sponsored hackers have been exploiting a vulnerability that VMware patched recently in some of its products, the National Security Agency warned on Monday. The vulnerability is tracked as CVE-2020-4006 and it has been found to impact the VMware Workspace ONE Access identity management product and some related components, including Identity Manager on Linux, vIDM Connector on Windows and Linux, VMware Cloud Foundation and vRealize Suite Lifecycle Manager.
A Russian bitcoin expert at the center of a multi-country legal tussle was sentenced in Paris on Monday to five years in prison for money laundering and ordered to pay 100,000 euros in fines in a case of suspected cryptocurrency fraud. Vinnik denies wrongdoing, and his lawyers are discussing whether to appeal.
The National Security Agency warns that Russian state-sponsored threat actors are exploiting a recently patched VMware vulnerability to steal sensitive information after deploying web shells on vulnerable servers. VMware released security updates to address the security bug on December 3rd after publicly disclosing the vulnerability two weeks ago and providing a temporary workaround that fully removes the attack vector and prevents exploitation.